Bug #5471 » 0001-fixes-5471-html-escape-auto-completer-values.patch

v1 patch - Dominic Cleal, 05/07/2014 11:05 AM


app/controllers/concerns/foreman/controller/auto_complete_search.rb
model = controller_name == "hosts" ? Host::Managed : model_of_controller
@items = model.complete_for(params[:search])
@items = @items.map do |item|
category = (['and','or','not','has'].include?(item.to_s.sub(/^.*\s+/,''))) ? 'Operators' : ''
category = (['and','or','not','has'].include?(item.to_s.sub(/^.*\s+/,''))) ? _('Operators') : ''
part = item.to_s.sub(/^.*\b(and|or)\b/i) {|match| match.sub(/^.*\s+/,'')}
completed = item.to_s.chomp(part)
{:completed => completed, :part => part, :label => item, :category => category}
{:completed => CGI::escapeHTML(completed), :part => CGI::escapeHTML(part), :label => item, :category => category}
end
rescue ScopedSearch::QueryNotSupported => e
@items = [{:error =>e.to_s}]
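Review bot: `:label => item` on the escaped hash line and `:error => e.to_s` in the rescue branch are still returned raw, so the escaping covers only `:completed` and `:part`. Whether the client inserts those two fields as markup is not visible here; if it does, they need the same encoding, e.g. `@items = [{:error => CGI::escapeHTML(e.to_s)}]`, since the exception text may echo the search string (to be confirmed against scoped_search). If `:label` is deliberately raw because it is written back into the search input as a value, a comment such as `# :label is the raw value for the input; only :completed/:part are rendered as HTML` would keep a later change from rendering it unescaped. The enclosing method starts and ends outside the section shown.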